401.3 ACL issue in IIS

Re: 401.3 ACL issue in IIS

Why stick with a sub-par, highly insecure web server? Why not Apache on
Linux? And if you're afraid of Linux, why not try Ubuntu and a newbie
book to help you along?

On second website, do you have anonymous auth setup and the only thing
chosen for this website? If you don't, then the IUSR account isn't
going to be used, I don't think. I could go into a lot more detail
here, and am trapped by time right now, but that's the general area
where you need to be looking if you have already looked at NTFS
security for the IUSR account on that directory.

I migrated from Windows and .NET to LAPP (a variation on LAMP) about 3
years ago and I'm never going back. Ever.

Re: 401.3 ACL issue in IIS

Thanks for the Linux advertisment.

Anonymous access is the only auth type selected.

Re: 401.3 ACL issue in IIS

Josh wrote:[color=blue]
> Thanks for the Linux advertisment.
>
> Anonymous access is the only auth type selected.[/color]

Some options:

1. Have you bounced the web services to see if that fixes this?

2. Try, as an extremely brief test, to give the IUSR account local
admin rights and see if that clears it up. If so, then you are right to
think you should be chasing an ACL issue.

3. Have you gone back to the first website and it works, but this one
doesn't? If so, then compare everything about the two sites in property
sheet dialogs.

4. Are you not only looking at folder security, but file security, when
looking at NTFS?

5. Is this second website a "website" or "virtual dir" under IIS
vernacular? (These are two different things in IIS, with one having
more features than the other.) Or, is this second website a subfolder
off of the first website? I'm just curious to hear your answer -- might
give me a clue.

6. Try to make the test page in the second website about as simple as
possible, such as simply create a file like:

<?php
phpinfo();
?>

7. What if you put an ASP page there and test? For instance:

<%
Response.Write "Help! I'm trapped in this IIS box and I wish I were
running on Linux Apache!"
%>
<BR>
<input type=button value="Click here for porn..." onClick="alert( 'Don't
worry, we notified your wife.')"/>

8. Do you control the rights on this web server or does someone else
and you're taking their word, second-hand? In some bureacratic
companies, you might be forced to let the net nazi's at the corp.
office create website dirs for you. I hate that because IT ops net nazi
types don't make great programmers all the time and may not care to
chase down an ACL issue for you logically like a programmer would.

Re: 401.3 ACL issue in IIS

It's now working for me. I have no idea what changed. I was adding
php to other websites on the server succesfully. I bounced the web
services after updating each site. I went back to test the problem
site a few times with no success, then bam, it was suddenly working.

Thanks for the suggestions. The problem was fixed before I saw them.
I'll answer your questions to clarify it for others if they come across
the issue:

1. Yes, I tried bouncing the service after updating each website to use
PHP.
2. Didn't try giving IUSR admin rights, but it appears this wouldn't
have solved anything.
3. Property sheets were basically identical.
4. I did look at the file security for the test.php file I was using.
It was OK.
5. The second website was not a virtual dir, though it does contain a
number of them. I was testing at the root of the site.
6. Exactly what I was doing.
7. The problem site was an all asp site, and asp was working fine.
8. I control the rights.